Also, when doing a gfsh connect (not just start server) that specifies user and password on the command line, if a further command of
  gfsh history --file=historyfilename
is executed, the user and password are written in clear text to the history file.


On Tue, Nov 15, 2016 at 12:31 PM, Jinmei Liao <jil...@pivotal.io> wrote:

> I thought we had code that deals with redacting password in gfsh history, not sure why it's not in effect anymore.
>
> On Tue, Nov 15, 2016 at 2:27 PM, Swapnil Bawaskar <sbawas...@pivotal.io> wrote:
>
> > When you want to connect to a secure system you can choose not to use the --password option at which point you will be prompted to enter a username/password.
> > e.g:
> > gfsh>connect --locator=localhost[10334]
> > Connecting to Locator at [host=localhost, port=10334] ..
> > Connecting to Manager at [host=192.168.1.181, port=1099] ..
> > username: super-user
> > password: ****
> >
> > On Tue, Nov 15, 2016 at 11:55 AM, Kirk Lund <kl...@apache.org> wrote:
> >
> > > There should be redaction in gfsh history. Maybe repeating the command is a case that wasn't fully covered? This is a bug we'll need to file and fix.
> > >
> > > Clear text in process string is probably not a bug. Users should implement a callback to provide the password instead of providing it as a system property unless they're ok with it showing in the process string. This may need more documentation?
> > >
> > > The logs should not contain the clear text password and this would be a bug if it does.
> > >
> > > -Kirk
> > >
> > > On Tue, Nov 15, 2016 at 11:08 AM, Karen Miller <kmil...@apache.org> wrote:
> > >
> > > > When specifying user name and password to use as authentication credentials with the gfsh start server command, the password is specified in the clear. I've added a note in the documentation to point this out, but specifying a password in this way leads to further ways the clear text password can be seen.
> > > >
> > > > - gfsh history will repeat back the command with the password shown
> > > > - any user on the box can see the clear text password with 'ps'
> > > > - (haven't checked if this happens) logs may have the clear text password
> > > >
> > > > Is this an issue? The history is for a particular user, so not so bad. Logs can use file system permissions to reduce access. But anyone with access to the box can list the processes.
> > > >
> > > > Karen
> > >
> >
>
> --
> Cheers
>
> Jinmei

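Added example, not Geode's own code: a redaction pass of the kind the thread says gfsh history should apply to recorded commands, plus a check that flags history entries still carrying a clear-text --password value. It assumes the gfsh option forms --password=VALUE and --password VALUE (bare or quoted value) and leaves a trailing --password with no value (the prompt form) untouched; the history lines are constructed samples.

```python
import re

# Option names whose values must never be written to the history file.
# Assumed set: gfsh uses --password for both 'connect' and 'start server'.
SECRET_OPTIONS = ("password",)

# --password=VALUE or --password VALUE; VALUE may be "..." / '...' (spaces
# allowed) or a bare token. A following token that starts with "--" is
# another option, not a value, so a bare trailing --password stays as is.
_PATTERN = re.compile(
    r"(?P<opt>--(?:%s))(?P<sep>=|\s+)(?P<val>\"[^\"]*\"|'[^']*'|(?!--)\S+)"
    % "|".join(re.escape(o) for o in SECRET_OPTIONS),
    re.IGNORECASE,
)

REDACTED = "********"


def redact_command(line: str) -> str:
    """Return the command line with every secret option value masked."""
    return _PATTERN.sub(
        lambda m: f"{m.group('opt')}{m.group('sep')}{REDACTED}", line
    )


def find_leaks(history_lines):
    """Return (line_number, line) for entries that still hold a clear-text secret.

    Useful as a check over an existing history file written before redaction
    was in effect.
    """
    leaks = []
    for number, line in enumerate(history_lines, start=1):
        if redact_command(line) != line:
            leaks.append((number, line))
    return leaks


# Constructed sample history; values are made up.
SAMPLE_HISTORY = [
    "connect --locator=localhost[10334] --user=super-user --password=s3cret",
    "list members",
    "start server --name=server1 --user=admin --password 'pa ss w0rd'",
    "connect --locator=localhost[10334] --user=super-user --password",
]

if __name__ == "__main__":
    for number, line in find_leaks(SAMPLE_HISTORY):
        print(f"line {number} leaks a secret; redacted form: {redact_command(line)}")
```

The user name is deliberately left visible, as in gfsh's own prompt output above; only the password value is masked.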